Page 1 of 1

Uploading files - really this easy?

Posted: Fri Apr 18, 2003 5:57 am
by Toneboy
I always thought uploading files was going to be a pretty difficult thing to learn, but I just saw this script over at evilwalrus.com.

I can't believe uploading files could be so easy. But then again, the script is three years old. Here it is, adapted a bit.

Part 1:

Code: Select all

<form action="upload.php" method="post" ENCTYPE="multipart/form- data"> 
<input type="file" size=40 name="file"><br> 
<input type="hidden" name="MAX_FILE_SIZE" value="100000"> 
<input type="submit" value="upload"> 
</form>
And, naturally enough, the proposed upload.php:

Code: Select all

<? 
if ($file == "none") { 
print "You must specify a file to upload"; 
} 
else { 
copy($file, "$DOCUMENT_ROOT/uploads/newfolder/$file_name"); 
unlink($file); 
} 
?>
Also I recognise that you would need to set the CHMOD settings on that directory correctly.

Is it really that simple, or should you be doing something else as well?

Posted: Fri Apr 18, 2003 6:05 am
by volka
basically it is that simple. In recent versions of php (see also: http://forums.devnetwork.net/viewtopic.php?t=511) the location where the file infos are stored changed.

Code: Select all

&lt;form action="upload.php" method="post" ENCTYPE="multipart/form-data"&gt;
	&lt;input type="file" size=40 name="file"&gt;&lt;br&gt;
	&lt;input type="hidden" name="MAX_FILE_SIZE" value="100000"&gt;
	&lt;input type="submit" value="upload"&gt;
&lt;/form&gt;

Code: Select all

<?php
...
// is there just anything that might be considered an uploaded file?
if (isset($_FILES['file']) && $_FILES['file']['name']!='')
{
	// any content?
	if ($_FILES['file']['size'] > 0)
	{
		if (move_uploaded_file($_FILES['file']['tmp_name'], $uploaddir . $_FILES['file']['name']))
			echo 'done.';
		else
			echo 'internal error, file could not be stored';
	}
	else
		echo 'file has no content, aborted';
}
else
	echo 'no file has been uploaded';
...
?>
(script tested not even by compiler ;) )

Posted: Fri Apr 18, 2003 6:11 am
by Toneboy
Excellent stuff, thanks.

Are you specifying your $uploaddir in your php.ini file, or doing that elsewhere? I'm a virtual server user, so unfortunately I would not be able to change any of the php.ini settings.

Posted: Fri Apr 18, 2003 6:17 am
by volka
it's from http://www.php.net/manual/en/features.file-upload.php ;)
you can specify $uploaddir wherever you want (in that script or an included script or ...), that's why there are ... before and after the code snippet.

p.s.: I added && $_FILES['file']['name']!='' seconds before you posted. Always forget it :oops:
If the form is submitted without a file selected there is an element 'file' in $_FILES but without values for 'name', 'tmp_name' and so on.

Posted: Wed May 14, 2003 5:44 am
by Toneboy
Any recommendations for the best CHMOD setting for an upload directory - 0777?

All working fine and dandy, just fine-tuning now. I'm also adding a mail() line so I'm notified of whenever a friend uploads a file for me to look at.

Posted: Mon May 19, 2003 4:30 am
by PaulCreedy
I'm very new to PHP and was looking at a way of uploading a file.

Thanks for the example.

Do you know if there is a way of checking the file end so that I can allow/deny different file types.

ie only allow JPEG, deny any .exe files etc.

Thanks in advance

Posted: Mon May 19, 2003 9:57 am
by Tubbietoeter
Use preg_match to check the file-name extensions. thats not very save though since extensions can be changed.